Second Ashley Madison dump prompts more inside-job speculation

The second data dump from Ashley Madison has prompted renewed speculation that the whole hack was an inside job.

The Impact Team hackers behind the breach of the infidelity website followed up on the release of a user database of Tuesday with the release of a second data dump, supposedly containing the Avid Life Media CEO's emails and source code. Security experts began suggesting that the breach of Ashley Madison might be an inside job when the hack first emerged last month. Suggestions that the hacking might have been perpetrated by someone who had access to the network of parent firm ALM, such as a former employee or contractor, have increased with the latest data dump.

Idan Tendler, a former commander of Unit 8200, the cyber-warfare division of the Israeli Defense Forces, commented: “The sheer volume of data that has been accessed and revealed suggests a substantial amount of time the Impact Team had to survey the ALM [Avid Life Media] network before slowly siphoning away the data. Once a hacker has obtained legitimate user credentials, it’s game over.

“Without proper monitoring and visibility, a hacker can potentially lurk on a network for months snooping around for the ‘crown jewels'. This is the kind of activity that preceded other devastating hacks like Target and OPM,” he added.

Tendler is the chief exec of Fortscale Labs – which specialises in detecting cyberthreats through intelligence-driven Big Data analytics – previously noted that the initial data dump by hackers contained keys to a Windows domain.

Separate analysis of the content of the two leaks by a Register source revealed a wide-ranging and eclectic collection of files including:

Database dumps

Company PowerPoint presentation documents

Marketing documents

Technology deployment files

Loan agreements

Company PayPal accounts

CEO emails

Source code for their mobile app

It appears a small selection of documents were plucked from each department of Avid Life Media, and these sensitive internal documents were of a type few organisations would put on their production web servers.

“Their public servers and their corporate networks are probably completely disparate and are unlikely to be co-located,” our source speculated. “As a consequence, I would expect a 'hack' from the outside to turn up at most all of the publicly available content (usernames, passwords, profiles, photos, payments, etc.) but not the internal, corporate, stuff.”

The presence of both external and internal documents in a single release suggests that this was an "inside job" and that someone collected this data and released it in one batch, the argument goes.

Avid Life Media had no immediate response to questions about whether it suspected an insider threat, instead offering a previously issued statement on the second data dump stating that police were investigating and promising to improve its security as it continues with its business.

We are aware of the reports that criminals have stolen proprietary company files from Avid Life Media (ALM) and are disseminating them online. We are working with law enforcement, including the US Federal Bureau of Investigation (FBI), the Royal Canadian Mounted Police (RCMP), the Ontario Provincial Police (OPP) and the Toronto Police Services (TPS) to determine who is behind this criminal activity.

Regardless of the nature of the content, our customers, this company, and its employees are all exercising their legal and individual rights, and all deserve the ability to do so unhindered by outside interference, vigilantism, selective moralising and judgment. The individual or individuals who are responsible for this straightforward case of theft should be held accountable to the fullest extent of international law.

As for the operations of Avid Life Media, we continue to devote significant resources to our security protocols and systems and we continue to support our customers around the world.